FortiGate
Bhuvanesh
Staff
Article Id 422622
Description This article describes the configuration of an External Threat Feed for IP addresses. External Threat Feeds provide a scalable and efficient method for managing large lists of IP addresses that must be allowed or blocked.
Scope All FortiGate versions that are not End of Support.
Solution
  1. Create an External Threat Feed. This can be done on Windows Server OS (IIS) or any program that can act as a web server.

     

On the respective operating system, create a plain text file with IP addresses.

Ensure this threat feed can be accessed through the web browser.

 

client machine ip list.png

 

  1. Access the list through any browser to confirm it is being served:

 

client machine output.png

 

  1. Connect the FortiGate to the External IP address List:
    In the GUI, go to Security Fabric -> External Connectors, select 'Create New', scroll down, and under Threat Feeds, select IP Address.

 

fortigate ip connector.png

 

  1. Configure it appropriately. The URL/FQDN should resolve to the IP address list that was accessed through the browser on the web server.

 

threatfeed-green.png      

  1. After configuring, the status of the Threat Feed should be valid and have a green check mark. Refer to the above image on the right side.

  2. Select the 'View Entries' button to view the contents of the External IP List. All entries should be deemed Valid by FortiGate.

 

threatfeed.png       

  1. To add an external threat feed IP address as a source or destination in a firewall policy, follow these steps:
  2. Navigate to Policy & Objects, expand the dropdown, and select Security Policy. Choose the desired policy and select 'Edit'. Select the Source/Destination, scroll down to Address Threat Feed, and select the added threat feed.

 

policy.png

   

Once the External Threat Feed for IP addresses is selected, proceed with the security policy action, such as Accept or Deny.
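
Because the feed ends up as the source or destination of an Accept/Deny policy, it helps to check the text file from step 1 before publishing it, so that 'View Entries' shows every entry as valid. The following is an added example, not code from this article or from Fortinet. It assumes one entry per line in the form of a single address, a CIDR subnet, or a start-end range (confirm the accepted syntax against the FortiOS documentation for the version in use); `check_entry`, `lint_feed` and the `MIN_PREFIX` policy are hypothetical names.

```python
import ipaddress

# Constructed sample feed using documentation address ranges (not from the article).
SAMPLE_FEED = """\
192.0.2.10
198.51.100.0/24
203.0.113.5-203.0.113.20
2001:db8::1
203.0.113.300
198.51.100.9-198.51.100.2
0.0.0.0/0
192.0.2.10
"""
MIN_PREFIX = {4: 8, 6: 16}  # assumed local policy, not a FortiGate rule

def check_entry(entry):
    """Return None if the entry is acceptable, else a reason string."""
    try:
        if "-" in entry:  # start-end range
            start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            if start.version != end.version:
                return "range mixes IPv4 and IPv6"
            return None if start <= end else "range start is above range end"
        net = ipaddress.ip_network(entry, strict=False)  # single IP or subnet
    except ValueError:
        return "not an IP address, subnet or range"
    if net.prefixlen < MIN_PREFIX[net.version]:
        return f"prefix /{net.prefixlen} is broader than local policy allows"
    return None

def lint_feed(text):
    """Return (valid_entries, problems); each problem is (line_no, entry, reason)."""
    valid, problems, seen = [], [], set()
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue
        reason = "duplicate entry" if entry in seen else check_entry(entry)
        if reason:
            problems.append((line_no, entry, reason))
        else:
            seen.add(entry)
            valid.append(entry)
    return valid, problems

if __name__ == "__main__":
    ok, bad = lint_feed(SAMPLE_FEED)
    for line_no, entry, reason in bad:
        print(f"line {line_no}: {entry}: {reason}")
```

Running the check in the job that writes the file to the web server keeps a typo or an overly broad network such as 0.0.0.0/0 from reaching a policy on the next feed refresh.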

 

To understand the External Threat Feed Limit, refer to the following article: 

Technical Tip: External threat list resource entry limits

To configure the External Threat Feed for URLs, refer to the following article: 

Technical Tip: Configuring a custom External Threat Feed URL for Web Filter
